Diffstat (limited to 'app/src/main/java/se')
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/base/BitmaskApp.java11
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/base/utils/PrivateKeyHelper.java62
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderApiManagerV3.java15
3 files changed, 52 insertions, 36 deletions
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/BitmaskApp.java b/app/src/main/java/se/leap/bitmaskclient/base/BitmaskApp.java
index c7e12491..6b3ba348 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/BitmaskApp.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/BitmaskApp.java
@@ -35,8 +35,10 @@ import androidx.lifecycle.ProcessLifecycleOwner;
import androidx.localbroadcastmanager.content.LocalBroadcastManager;
import androidx.multidex.MultiDexApplication;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.conscrypt.Conscrypt;
+import java.security.Provider;
import java.security.Security;
import se.leap.bitmaskclient.BuildConfig;
@@ -70,7 +72,14 @@ public class BitmaskApp extends MultiDexApplication implements DefaultLifecycleO
super.onCreate();
// Normal app init code...*/
PRNGFixes.apply();
- Security.insertProviderAt(Conscrypt.newProvider(), 1);
+ final Provider provider = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
+ // Replace Android's own BC provider
+ if (!provider.getClass().equals(BouncyCastleProvider.class)) {
+ Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
+ Security.insertProviderAt(new BouncyCastleProvider(), 1);
+ }
+ Security.insertProviderAt(Conscrypt.newProvider(), 2);
+
preferenceHelper = new PreferenceHelper(this);
providerObservable = ProviderObservable.getInstance();
providerObservable.updateProvider(getSavedProviderFromSharedPreferences());
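Review bot: `Security.getProvider(BouncyCastleProvider.PROVIDER_NAME)` returns null when no provider is registered under that name, so `provider.getClass()` in the new `if` can throw inside `onCreate()` and take the app down at startup. Guard it with `if (provider == null || !provider.getClass().equals(BouncyCastleProvider.class)) {`; `Security.removeProvider` returns silently for a name that is not installed. Separately, placing the bundled BC at position 1 and Conscrypt at 2 changes which implementation every unqualified `getInstance(...)` call in the process resolves to for algorithms both providers offer, so a comment stating that this ordering is intentional would help the next reader. The body of `onCreate()` continues outside the hunk.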
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/utils/PrivateKeyHelper.java b/app/src/main/java/se/leap/bitmaskclient/base/utils/PrivateKeyHelper.java
index eb4d6956..43af5200 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/utils/PrivateKeyHelper.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/utils/PrivateKeyHelper.java
@@ -1,6 +1,8 @@
package se.leap.bitmaskclient.base.utils;
-import android.os.Build;
+import static android.util.Base64.encodeToString;
+
+import android.util.Log;
import androidx.annotation.Nullable;
import androidx.annotation.VisibleForTesting;
@@ -11,7 +13,6 @@ import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
-import java.security.interfaces.EdECPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
@@ -20,13 +21,16 @@ import de.blinkt.openvpn.core.NativeUtils;
public class PrivateKeyHelper {
+ public static final String TAG = PrivateKeyHelper.class.getSimpleName();
+
public static final String RSA = "RSA";
public static final String ED_25519 = "Ed25519";
+ public static final String ECDSA = "ECDSA";
public static final String RSA_KEY_BEGIN = "-----BEGIN RSA PRIVATE KEY-----\n";
public static final String RSA_KEY_END = "-----END RSA PRIVATE KEY-----";
- public static final String ED_25519_KEY_BEGIN = "-----BEGIN PRIVATE KEY-----\n";
- public static final String ED_25519_KEY_END = "-----END PRIVATE KEY-----";
+ public static final String EC_KEY_BEGIN = "-----BEGIN PRIVATE KEY-----\n";
+ public static final String EC_KEY_END = "-----END PRIVATE KEY-----";
public interface PrivateKeyHelperInterface {
@@ -43,7 +47,7 @@ public class PrivateKeyHelper {
}
if (privateKeyString.contains(RSA_KEY_BEGIN)) {
return parseRsaKeyFromString(privateKeyString);
- } else if (privateKeyString.contains(ED_25519_KEY_BEGIN)) {
+ } else if (privateKeyString.contains(EC_KEY_BEGIN)) {
return parseECPrivateKey(privateKeyString);
} else {
return null;
@@ -54,11 +58,7 @@ public class PrivateKeyHelper {
RSAPrivateKey key;
try {
KeyFactory kf;
- if (Build.VERSION.SDK_INT < Build.VERSION_CODES.P) {
- kf = KeyFactory.getInstance(RSA, "BC");
- } else {
- kf = KeyFactory.getInstance(RSA);
- }
+ kf = KeyFactory.getInstance(RSA, "BC");
rsaKeyString = rsaKeyString.replaceFirst(RSA_KEY_BEGIN, "").replaceFirst(RSA_KEY_END, "");
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(Base64.decode(rsaKeyString));
@@ -73,20 +73,38 @@ public class PrivateKeyHelper {
}
private PrivateKey parseECPrivateKey(String ecKeyString) {
- KeyFactory kf;
+ String base64 = ecKeyString.replace(EC_KEY_BEGIN, "").replace(EC_KEY_END, "");
+ byte[] keyBytes = Base64.decode(base64);
+ PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
+ String errMsg;
try {
- if (Build.VERSION.SDK_INT < Build.VERSION_CODES.P) {
- kf = KeyFactory.getInstance(ED_25519, "BC");
- } else {
- kf = KeyFactory.getInstance(ED_25519);
- }
- ecKeyString = ecKeyString.replaceFirst(ED_25519_KEY_BEGIN, "").replaceFirst(ED_25519_KEY_END, "");
- PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(Base64.decode(ecKeyString));
- return kf.generatePrivate(keySpec);
- } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
- e.printStackTrace();
- return null;
+ KeyFactory keyFactory = KeyFactory.getInstance(ED_25519, "BC");
+ return keyFactory.generatePrivate(keySpec);
+ } catch (InvalidKeySpecException | NoSuchAlgorithmException | NoSuchProviderException e) {
+ errMsg = e.toString();
+ }
+
+ try {
+ KeyFactory keyFactory = KeyFactory.getInstance(ECDSA, "BC");
+ return keyFactory.generatePrivate(keySpec);
+ } catch (InvalidKeySpecException | NoSuchAlgorithmException | NoSuchProviderException e) {
+ errMsg += "\n" + e.toString();
+ Log.e(TAG, errMsg);
}
+ return null;
+ }
+ }
+
+ public static String getPEMFormattedPrivateKey(PrivateKey key) throws NullPointerException {
+ if (key == null) {
+ throw new NullPointerException("Private key was null.");
+ }
+ String keyString = encodeToString(key.getEncoded(), android.util.Base64.DEFAULT);
+
+ if (key instanceof RSAPrivateKey) {
+ return (RSA_KEY_BEGIN + keyString + RSA_KEY_END);
+ } else {
+ return EC_KEY_BEGIN + keyString + EC_KEY_END;
}
}
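Review bot: In `getPEMFormattedPrivateKey`, the RSA branch wraps `key.getEncoded()` in the `RSA PRIVATE KEY` armor, but a JCA private key normally encodes as PKCS#8 DER, which is what the plain `PRIVATE KEY` label denotes; the RSA label conventionally marks PKCS#1. The round trip works inside this class because `parseRsaKeyFromString` also feeds the body to `PKCS8EncodedKeySpec`, but the readers of the stored string are not visible from this hunk and a stricter PEM consumer may reject it. I would document this on the new public method, e.g. `// NOTE: body is PKCS#8 even under the RSA label; keep in sync with parseRsaKeyFromString`. I would also replace the redundant `throws NullPointerException` clause with a Javadoc `@throws` line.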
diff --git a/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderApiManagerV3.java b/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderApiManagerV3.java
index b2c1aa10..965741f0 100644
--- a/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderApiManagerV3.java
+++ b/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderApiManagerV3.java
@@ -39,10 +39,7 @@ import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_VPN_CERTIFICA
import static se.leap.bitmaskclient.base.utils.BuildConfigHelper.isDefaultBitmask;
import static se.leap.bitmaskclient.base.utils.CertificateHelper.getFingerprintFromCertificate;
import static se.leap.bitmaskclient.base.utils.ConfigHelper.getProviderFormattedString;
-import static se.leap.bitmaskclient.base.utils.PrivateKeyHelper.ED_25519_KEY_BEGIN;
-import static se.leap.bitmaskclient.base.utils.PrivateKeyHelper.ED_25519_KEY_END;
-import static se.leap.bitmaskclient.base.utils.PrivateKeyHelper.RSA_KEY_BEGIN;
-import static se.leap.bitmaskclient.base.utils.PrivateKeyHelper.RSA_KEY_END;
+import static se.leap.bitmaskclient.base.utils.PrivateKeyHelper.getPEMFormattedPrivateKey;
import static se.leap.bitmaskclient.base.utils.PrivateKeyHelper.parsePrivateKeyFromString;
import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_DOWNLOADED_EIP_SERVICE;
import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_DOWNLOADED_GEOIP_JSON;
@@ -99,10 +96,8 @@ import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
-import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.List;
-import java.util.StringTokenizer;
import java.util.concurrent.TimeoutException;
import javax.net.ssl.SSLHandshakeException;
@@ -386,13 +381,7 @@ public class ProviderApiManagerV3 extends ProviderApiManagerBase implements IPro
}
PrivateKey key = parsePrivateKeyFromString(keyString);
- keyString = Base64.encodeToString(key.getEncoded(), Base64.DEFAULT);
-
- if (key instanceof RSAPrivateKey) {
- provider.setPrivateKeyString(RSA_KEY_BEGIN + keyString + RSA_KEY_END);
- } else {
- provider.setPrivateKeyString(ED_25519_KEY_BEGIN + keyString + ED_25519_KEY_END);
- }
+ provider.setPrivateKeyString(getPEMFormattedPrivateKey(key));
ArrayList<X509Certificate> certificates = ConfigHelper.parseX509CertificatesFromString(certificateString);
certificates.get(0).checkValidity();
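Review bot: `parsePrivateKeyFromString` returns null for an unrecognised header or an unparsable key (visible in the PrivateKeyHelper changes of this commit), and `getPEMFormattedPrivateKey(key)` then throws a `NullPointerException`, so a malformed key string is rejected here only by way of an exception. The enclosing method and any `catch` are outside this hunk, so I cannot tell whether that exception is handled. An explicit `if (key == null)` check right after the parse, taking the method's existing invalid-certificate path, would make the failure mode deliberate rather than incidental.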